This is why we wait to upgrade!
Rowena
When Apple released Mac OS 10.13.0 (High Sierra) an egregious security hole was introduced that allows anyone to sign in to the root (admin) account without a password. Apple has acknowledged the issue and released a fix in less than 24 hours. All systems with 10.13.1 will now automatically install this fix. (This is only the second time I’m aware of Apple using the auto-install without an opt-out.)
“We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused. Our customers deserve better. We are auditing our development processes to help prevent this from happening again.”
Back when Mac OS Sierra (10.12.x) was still available, we urged our customers and friends to upgrade to 10.12.6. That was, and is, the latest stable version prior to the September release of Mac OS X 10.13. Everyone who followed that strategy dodged this particular bullet. We are simply playing the odds, this time, it worked out.
Some folks have already upgraded to Mac OS High Sierra (10.13.x). If that is the case, go into App Store-Updates as soon as possible, and apply all updates. Once you have done that your system will be safe from this vulnerability.
The terminology is a bit arcane, but when Apple says, “Update” that is a release within a major release. We recommend applying all updates. The term “Upgrade” means move from one major release to another. We don’t recommend doing that until 10.13.3 is available, some time in the new year at the earliest.
If you are on any version of Mac OS Sierra (10.12.x) then we recommend applying all updates. That will bring you to 10.12.6 and also includes security updates. Then apply any updates as they become available. Again, don't upgrade to Mac OS High Sierra until 10.13.3 at the earliest.
If you are on a version of Mac OS earlier than 10.12.x you have two options. You can stay put and wait for 10.13.3 (or later) and upgrade to that in the future. Or we can assist getting your system to Apple's stable release of 10.12.6. Since the installer for 10.12.6 is no longer available from Apple on the AppStore, it requires a technician to bring a copy on site. Please fill out this web form to notify us that you would like Please fill out this web form to notify us that you would like assistance or drop us an email if you are an existing customer.